Bump the dependencies group across 1 directory with 6 updates

[dependabot[bot]]

Bumps the dependencies group with 6 updates in the / directory:

Package	From	To
sentry-sdk	2.13.0	2.17.0
importlib-metadata	7.2.1	8.5.0
flask-cors	4.0.1	5.0.0
waitress	3.0.0	3.0.1
jupyterhub	5.1.0	5.2.1
pytest	8.3.2	8.3.3

Updates sentry-sdk from 2.13.0 to 2.17.0

Release notes

Sourced from sentry-sdk's releases.

2.17.0

Various fixes & improvements

• Add support for async calls in Anthropic and OpenAI integration (#3497) by @​vetyy
• Allow custom transaction names in ASGI (#3664) by @​sl0thentr0py
• Langchain: Handle case when parent span wasn't traced (#3656) by @​rbasoalto
• Fix Anthropic integration when using tool calls (#3615) by @​kwnath
• More defensive Django Spotlight middleware injection (#3665) by @​BYK
• Remove ensure_integration_enabled_async (#3632) by @​sentrivana
• Test with newer Falcon version (#3644, #3653, #3662) by @​sentrivana
• Fix mypy (#3657) by @​sentrivana
• Fix flaky transport test (#3666) by @​sentrivana
• Remove pin on sphinx (#3650) by @​sentrivana
• Bump actions/checkout from 4.2.0 to 4.2.1 (#3651) by @​dependabot

2.16.0

Integrations

• Bottle: Add failed_request_status_codes (#3618) by @​szokeasaurusrex

  You can now define a set of integers that will determine which status codes should be reported to Sentry.

  sentry_sdk.init(
      integrations=[
          BottleIntegration(
              failed_request_status_codes={403, *range(500, 600)},
          )
      ]
  )
  

  Examples of valid failed_request_status_codes:

  • {500} will only send events on HTTP 500.
  • {400, *range(500, 600)} will send events on HTTP 400 as well as the 5xx range.
  • {500, 503} will send events on HTTP 500 and 503.
  • set() (the empty set) will not send events for any HTTP status code.

  The default is {*range(500, 600)}, meaning that all 5xx status codes are reported to Sentry.

• Bottle: Delete never-reached code (#3605) by @​szokeasaurusrex

• Redis: Remove flaky test (#3626) by @​sentrivana

• Django: Improve getting psycopg3 connection info (#3580) by @​nijel

• Django: Add SpotlightMiddleware when Spotlight is enabled (#3600) by @​BYK

• Django: Open relevant error when SpotlightMiddleware is on (#3614) by @​BYK

• Django: Support http_methods_to_capture in ASGI Django (#3607) by @​sentrivana

  ASGI Django now also supports the http_methods_to_capture integration option. This is a configurable tuple of HTTP method verbs that should create a transaction in Sentry. The default is ("CONNECT", "DELETE", "GET", "PATCH", "POST", "PUT", "TRACE",). OPTIONS and HEAD are not included by default.

... (truncated)

Changelog

Sourced from sentry-sdk's changelog.

2.17.0

Various fixes & improvements

• Add support for async calls in Anthropic and OpenAI integration (#3497) by @​vetyy
• Allow custom transaction names in ASGI (#3664) by @​sl0thentr0py
• Langchain: Handle case when parent span wasn't traced (#3656) by @​rbasoalto
• Fix Anthropic integration when using tool calls (#3615) by @​kwnath
• More defensive Django Spotlight middleware injection (#3665) by @​BYK
• Remove ensure_integration_enabled_async (#3632) by @​sentrivana
• Test with newer Falcon version (#3644, #3653, #3662) by @​sentrivana
• Fix mypy (#3657) by @​sentrivana
• Fix flaky transport test (#3666) by @​sentrivana
• Remove pin on sphinx (#3650) by @​sentrivana
• Bump actions/checkout from 4.2.0 to 4.2.1 (#3651) by @​dependabot

2.16.0

Integrations

• Bottle: Add failed_request_status_codes (#3618) by @​szokeasaurusrex

  You can now define a set of integers that will determine which status codes should be reported to Sentry.

  sentry_sdk.init(
      integrations=[
          BottleIntegration(
              failed_request_status_codes={403, *range(500, 600)},
          )
      ]
  )
  

  Examples of valid failed_request_status_codes:

  • {500} will only send events on HTTP 500.
  • {400, *range(500, 600)} will send events on HTTP 400 as well as the 5xx range.
  • {500, 503} will send events on HTTP 500 and 503.
  • set() (the empty set) will not send events for any HTTP status code.

  The default is {*range(500, 600)}, meaning that all 5xx status codes are reported to Sentry.

• Bottle: Delete never-reached code (#3605) by @​szokeasaurusrex

• Redis: Remove flaky test (#3626) by @​sentrivana

• Django: Improve getting psycopg3 connection info (#3580) by @​nijel

• Django: Add SpotlightMiddleware when Spotlight is enabled (#3600) by @​BYK

• Django: Open relevant error when SpotlightMiddleware is on (#3614) by @​BYK

• Django: Support http_methods_to_capture in ASGI Django (#3607) by @​sentrivana

... (truncated)

Commits

• e44c9ee Update CHANGELOG.md
• ee30db3 release: 2.17.0
• 365d9cf Fix flaky transport test (#3666)
• 9ae5820 Add support for async calls in Anthropic and OpenAI integration (#3497)
• 891afee fix(spotlight): More defensive Django spotlight middleware injection (#3665)
• f493057 Allow custom transaction names in asgi (#3664)
• e463034 tests: Falcon RC1 (#3662)
• deca5f2 build(deps): Remove pin on sphinx (#3650)
• 302457d build(deps): bump actions/checkout from 4.2.0 to 4.2.1 (#3651)
• 846b8b2 fix(langchain): handle case when parent span wasn't traced (#3656)
• Additional commits viewable in compare view

Updates importlib-metadata from 7.2.1 to 8.5.0

Changelog

Sourced from importlib-metadata's changelog.

v8.5.0

Features

• Deferred import of zipfile.Path (#502)
• Deferred import of json (#503)
• Rely on zipp overlay for zipfile.Path.

v8.4.0

Features

• Deferred import of inspect for import performance. (#499)

v8.3.0

Features

• Disallow passing of 'dist' to EntryPoints.select.

v8.2.0

Features

• Add SimplePath to importlib_metadata.all. (#494)

v8.1.0

Features

• Prioritize valid dists to invalid dists when retrieving by name. (#489)

v8.0.0

... (truncated)

Commits

• b34810b Finalize
• 8c1d1fa Merge pull request #501 from Avasam/Pass-mypy-and-link-issues
• afa39e8 Back out changes to tests._path
• 8b909f9 Merge pull request #503 from danielhollas/defer-json
• 2a3f50d Add news fragment.
• 3f78dc1 Add comment to protect the deferred import.
• 18eb2da Revert "Defer platform import"
• 58832f2 Merge pull request #502 from danielhollas/defer-zipp
• e3ce33b Add news fragment.
• d11b67f Add comment to protect the deferred import.
• Additional commits viewable in compare view

Updates flask-cors from 4.0.1 to 5.0.0

Release notes

Sourced from flask-cors's releases.

5.0.0

What's Changed

• Breaking: Change default to disable private network access by @​corydolphin in corydolphin/flask-cors#368 This effectively resolves https://github.com/advisories/GHSA-hxwh-jpp2-84pm https://osv.dev/vulnerability/PYSEC-2024-71

Full Changelog: https://github.com/corydolphin/flask-cors/compare/4.0.2...5.0.0

4.0.2

What's Changed

• Bump requests from 2.31.0 to 2.32.0 in /docs by @​dependabot in corydolphin/flask-cors#358
• Backwards Compatible Fix for CVE-2024-6221 by @​adrianosela in corydolphin/flask-cors#363
• Add unit tests for Private-Network by @​corydolphin in corydolphin/flask-cors#367

New Contributors

• @​dependabot made their first contribution in corydolphin/flask-cors#358
• @​adrianosela made their first contribution in corydolphin/flask-cors#363

Full Changelog: https://github.com/corydolphin/flask-cors/compare/4.0.1...4.0.2

Changelog

Sourced from flask-cors's changelog.

Change Log

Commits

• c851476 V5: Breaking: Change default to disable private network access (#368)
• 561ed26 Add unit tests for Private-Network (#367)
• 7ae310c Backwards Compatible Fix for CVE-2024-6221 (#363)
• f25c6b2 --- (#358)
• See full diff in compare view

Updates waitress from 3.0.0 to 3.0.1

Changelog

Sourced from waitress's changelog.

3.0.1 (2024-11-28)

Security

- Fix a bug that would lead to Waitress busy looping on select() on a half-open
  socket due to a race condition that existed when creating a new HTTPChannel.
  See https://github.com/Pylons/waitress/pull/435,
  https://github.com/Pylons/waitress/issues/418 and
  https://github.com/Pylons/waitress/security/advisories/GHSA-3f84-rpwh-47g6
With thanks to Dylan Jay and Dieter Maurer for their extensive debugging and

helping track this down.


No longer strip the header values before passing them to the WSGI environ.

See Pylons/waitress#434 and

Pylons/waitress#432


Fix a race condition in Waitress when channel_request_lookahead is enabled

that could lead to HTTP request smuggling.
See https://github.com/Pylons/waitress/security/advisories/GHSA-9298-4cf8-g4wj

Commits

• ae949bb Ready for 3.0.1
• e435901 Merge commit from fork
• 810a435 Add documentation for channel_request_lookahead
• f4ba1c2 Fix a race condition on recv_bytes boundary when request is invalid
• 7e7f11e Add a new test to validate the lookahead race condition
• 6943dcf Make DummySock() look more like an actual socket
• fdd2ecf Merge pull request #445 from Pylons/feature/support-py-3-13
• dcd18e7 Update exclude matrix
• 4633ea6 Drop Python 3.8 and add Python 3.13
• 4584936 Merge pull request #440 from Pylons/fix/ci
• Additional commits viewable in compare view

Updates jupyterhub from 5.1.0 to 5.2.1

Commits

• 9749b6e Bump to 5.2.1
• 979b47d Merge pull request #4935 from consideRatio/pr/cl521
• c12ccaf changelog for 5.2.1
• acc51db Merge pull request #4934 from minrk/nicer-import-error
• 51dcbe4 jupyterhub[singleuser]'s not a thing
• 6da70e9 informative error on missing dependencies for singleuser server
• 1cb98ce Merge pull request #4932 from manics/subdowmain-doc
• f2ecf6a Merge pull request #4930 from consideRatio/pr/startup-service
• 0a4c3bb Remove unnecessary exc_info from log
• e4ae7ce Remove out-of-date info from subdomain_hook doc
• Additional commits viewable in compare view

Updates pytest from 8.3.2 to 8.3.3

Release notes

Sourced from pytest's releases.

8.3.3

pytest 8.3.3 (2024-09-09)

Bug fixes

• #12446: Avoid calling @property (and other instance descriptors) during fixture discovery -- by asottile{.interpreted-text role="user"}

• #12659: Fixed the issue of not displaying assertion failure differences when using the parameter --import-mode=importlib in pytest>=8.1.

• #12667: Fixed a regression where type change in [ExceptionInfo.errisinstance]{.title-ref} caused [mypy]{.title-ref} to fail.

• #12744: Fixed typing compatibility with Python 3.9 or less -- replaced [typing.Self]{.title-ref} with [typing_extensions.Self]{.title-ref} -- by Avasam{.interpreted-text role="user"}

• #12745: Fixed an issue with backslashes being incorrectly converted in nodeid paths on Windows, ensuring consistent path handling across environments.

• #6682: Fixed bug where the verbosity levels where not being respected when printing the "msg" part of failed assertion (as in assert condition, msg).

• #9422: Fix bug where disabling the terminal plugin via -p no:terminal would cause crashes related to missing the verbose option.

  -- by GTowers1{.interpreted-text role="user"}

Improved documentation

• #12663: Clarify that the [pytest_deselected]{.title-ref} hook should be called from [pytest_collection_modifyitems]{.title-ref} hook implementations when items are deselected.
• #12678: Remove erroneous quotes from [tmp_path_retention_policy]{.title-ref} example in docs.

Miscellaneous internal changes

• #12769: Fix typos discovered by codespell and add codespell to pre-commit hooks.

Commits

• d0f136f build(deps): Bump pypa/gh-action-pypi-publish from 1.10.0 to 1.10.1 (#12790)
• 972f307 Prepare release version 8.3.3
• 0dabdcf Include co-authors in release announcement (#12795) (#12797)
• a9910a4 Do not discover properties when iterating fixtures (#12781) (#12788)
• 0f10b6b Fix issue with slashes being turned into backslashes on Windows (#12760) (#12...
• 300d13d Merge pull request #12785 from pytest-dev/patchback/backports/8.3.x/57cccf7f4...
• e5d32c7 Merge pull request #12784 from svenevs/fix/docs-example-parametrize-minor-typo
• bc913d1 Streamline checks for verbose option (#12706) (#12778)
• 01cfcc9 Fix typos and introduce codespell pre-commit hook (#12769) (#12774)
• 4873394 doc: Remove past training (#12772) (#12773)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

[dependabot[bot]]

Superseded by #44.